E-MAIL A FRIEND
PRINTER FRIENDLY
SAVE ARTICLE
FOR REPRINTS
Donahue admitted that the CIA does not know who was responsible for the attacks or what their motive might be
There have been a number of cyber-attacks on critical national infrastructure targets around the world, including an attack against power-grids causing blackouts in multiple cities, the CIA has revealed.
US computer security training organisation, the Sans Institute, reported the disclosure last week.
Tom Donahue, a senior analyst at the CIA, told a gathering of 300 US and European government officials, engineers and security officers from critical industry: “We have information from multiple regions outside the United States, of cyber intrusion into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge.
“We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities.”
Donahue admitted that the CIA does not know who was responsible for the attacks or what their motive might be. All attacks involved were executed via the Internet, he added.
In some cases, said Donahue, there has been evidence of extortion following successful intrusions.
While the CIA does not normally reveal such information, it determined that, on this occasion, disclosure was in the public interest.
Cyber-hijack, particularly in the form of distributed denial of service attacks (DDoS), is by no means a new phenomenon, but it has previously been confined to ecommerce businesses. Online industries including gaming, pornography and payment providers have long been victims of extortive DDoS attacks, says DDoS mitigation company Prolexic.
This is one of the first instances, however, in which a cyber-attack against critical national infrastructure assets has been confirmed by government officials. The development highlights the growing sophistication and ambition of cyber-crime and cyber-terrorism.
In May 2007, Information Age reported on the growing frequency of such attacks, in which groups of politically or financially motivated individuals intrude and subsequently disable or disrupt organisations’ IT operations, typically over the Internet.
Phyllis Schneck, chair of InfraGard, the FBI-run IT security programme, warned Information Age that a coordinated cyber-attack against the national critical infrastructure “is not a matter of if, it’s a matter of when”.
Further reading
Political activists to blame for cyber assault
China's blueprint for cyber war
Fraudsters steal identity of Barclays' chairman
Norwich Union fined for ID theft
Find more stories in the Security & Continuity Briefing Room
